Extracted

• • Target

    85c05d0a5d83254cf21d5fb675778c2728a2534ad8b04ff0ea0eb8be1a4aaab2

  • Size

    60KB

  • MD5

    e6ad8f2aae70a48ac22722a9eec31626

  • SHA1

    d348381ba3412722b16120ff091346b81575e4ba

  • SHA256

    85c05d0a5d83254cf21d5fb675778c2728a2534ad8b04ff0ea0eb8be1a4aaab2

  • SHA512

    8abe4cdde92020b735abf743cd19e3973a7df26b14e2540d106c1daa5f1cbb6934294cabe35f2caa922c4ea7c35c9670fe396d8b308c82642070f26513702488

  • SSDEEP

    768:xqqqqm8jNkxD6LI7+qCGtyCwzktphJmNQxfqBlC2x:xqqqqm8jNyoI7+qCGgkgBlC

  Score

  10^/10

  valyriadiscoverydropperexecution

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Valyria

    Malicious Word document which is a loader for other malware.

    droppervalyria

  • Valyria family

    valyria

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • An obfuscated cmd.exe command-line is typically used to evade detection.

  behavioral1behavioral2